Hi Simone, Thank you very much for the advice, I ran nprobe with the template fields I needed and EXPORTER_IPV4_ADDRESS is now populated correctly.
—snip— $ cat 51.flows | head -2 IN_BYTES|IN_PKTS|PROTOCOL|SRC_TOS|L4_SRC_PORT|IPV4_SRC_ADDR|INPUT_SNMP|L4_DST_PORT|IPV4_DST_ADDR|OUTPUT_SNMP|IPV4_NEXT_HOP|SRC_AS|DST_AS|LAST_SWITCHED|FIRST_SWITCHED|SAMPLING_INTERVAL|SAMPLING_ALGORITHM|ENGINE_TYPE|ENGINE_ID|DST_TOS|FLOW_ID|EXPORTER_IPV4_ADDRESS 1450|1|6|0|443|185.60.219.14|1000100|27025|169.1.195.86|17|0.0.0.0|32934|37611|1509976231|1509976231|1|1|0|134|0|296|41.76.224.226 —snip— Glad it working but still confused as to why if I just specify EXPORTER_IPV4_ADDRESS nprobe writes out 0.0.0.0 regards Alan > On 06 Nov 2017, at 11:42, Simone Mainardi <maina...@ntop.org> wrote: > > Alan, > > nProbe output is cropped. Please, share the FULL output. > > Also try not to specify a template to run these tests. NonIP means there's > traffic that is not IP (e.g., a DHCP request). > > Regards, > > Simone > > > >> On 6 Nov 2017, at 10:28, Alan Kemp <a...@irisns.com >> <mailto:a...@irisns.com>> wrote: >> >> >> Hi Simone, >> >> Thank you for the suggestion. >> Im not running: >> —snip— >> sudo nprobe --collector-port 9995 -i none -n none -V 9 -P ./flows/ -0t -b2 >> -T %EXPORTER_IPV4_ADDRESS >> —snip— >> >> Same result: >> >> —snip— >> $ cat 23.flows | head -10 >> EXPORTER_IPV4_ADDRESS >> 0.0.0.0 >> 0.0.0.0 >> 0.0.0.0 >> 0.0.0.0 >> 0.0.0.0 >> 0.0.0.0 >> 0.0.0.0 >> 0.0.0.0 >> 0.0.0.0 >> —snip— >> >> The output from -b2 debug >> >> —snip-- >> 06/Nov/2017 11:24:29 [engine.c:2887] Emitting Flow: [->][NonIP] >> 40:71:83:A6:A0:0D:0 -> 28:99:3A:06:85:C3:0 [1 pkt/1450 bytes][ifIdx >> 1000007->1000004][0.0 sec][init Unknown][AS: 0 -> 0] >> 06/Nov/2017 11:24:29 [engine.c:2887] Emitting Flow: [->][NonIP] >> 80:71:1F:92:DF:C2:0 -> 28:99:3A:06:85:C3:0 [1 pkt/76 bytes][ifIdx >> 1000004->1000001][0.0 sec][VLAN 10/10][init Unknown][AS: 0 -> 0] >> 06/Nov/2017 11:24:29 [engine.c:2887] Emitting Flow: [->][NonIP] >> 3E:94:D5:2C:08:F6:0 -> 28:99:3A:06:85:C3:0 [1 pkt/1472 bytes][ifIdx >> 1000005->17][0.0 sec][init Unknown][AS: 0 -> 0] >> 06/Nov/2017 11:24:29 [engine.c:2887] Emitting Flow: [->][NonIP] >> 28:99:3A:06:85:C3:0 -> 54:4B:8C:70:78:18:0 [1 pkt/1450 bytes][ifIdx >> 1000100->17][0.0 sec][VLAN 1231/1231[init Unknown][AS: 0 -> 0] >> 06/Nov/2017 11:24:29 [engine.c:2887] Emitting Flow: [->][NonIP] >> 3E:94:D5:2C:08:F6:0 -> 28:99:3A:06:85:C3:0 [1 pkt/1472 bytes][ifIdx >> 1000005->17][0.0 sec][init Unknown][AS: 0 -> 0] >> 06/Nov/2017 11:24:29 [engine.c:2689] New Flow: [NonIP] 0.0.0.0:0 -> >> 0.0.0.0:0 [F0:1C:2D:20:2F:CB -> 28:99:3A:06:85:C3][vlan 0/0][tos 128][ifIdx: >> 1000001 -> 1000004][subflowId: >> 0/0x0000][idx=1180][firstSeen=1509960269/0][direction: RX] >> 06/Nov/2017 11:24:29 [engine.c:2689] New Flow: [NonIP] 0.0.0.0:0 -> >> 0.0.0.0:0 [F0:1C:2D:20:2F:CB -> 28:99:3A:06:85:C3][vlan 0/0][tos 128][ifIdx: >> 1000001 -> 1000004][subflowId: >> 0/0x0000][idx=1180][firstSeen=1509960269/0][direction: RX] >> 06/Nov/2017 11:24:29 [engine.c:2689] New Flow: [NonIP] 0.0.0.0:0 -> >> 0.0.0.0:0 [4C:16:FC:18:E8:AA -> 28:99:3A:06:85:C3][vlan 0/0][tos 0][ifIdx: >> 1000006 -> 1000100][subflowId: >> 0/0x0000][idx=1361][firstSeen=1509960269/0][direction: RX] >> 06/Nov/2017 11:24:29 [engine.c:2689] New Flow: [NonIP] 0.0.0.0:0 -> >> 0.0.0.0:0 [3E:94:D5:2C:08:F6 -> 28:99:3A:06:85:C3][vlan 0/0][tos 0][ifIdx: >> 1000005 -> 1000004][subflowId: >> 0/0x0000][idx=1306][firstSeen=1509960269/0][direction: RX] >> 06/Nov/2017 11:24:30 [engine.c:2689] New Flow: [NonIP] 0.0.0.0:0 -> >> 0.0.0.0:0 [3E:94:D5:2C:08:F6 -> 28:99:3A:06:85:C3][vlan 0/0][tos 0][ifIdx: >> 1000005 -> 1000004][subflowId: >> 0/0x0000][idx=1306][firstSeen=1509960270/0][direction: RX] >> 06/Nov/2017 11:24:30 [engine.c:2689] New Flow: [NonIP] 0.0.0.0:0 -> >> 0.0.0.0:0 [80:71:1F:92:DF:C2 -> 28:99:3A:06:85:C3][vlan 10/10][tos 0][ifIdx: >> 1000004 -> 1000100][subflowId: >> 0/0x0000][idx=1480][firstSeen=1509960270/0][direction: RX] >> —snip— >> >> Im concerned about the “NonIP 0.0.0.0” could that be the issue ? >> >> I’m happy to go back to Arista as ask to verify the device config ( >> unfortunately I dont have access to the actual switch ) >> >> regards >> >> Alan >> >> >>> On 06 Nov 2017, at 11:19, Simone Mainardi <maina...@ntop.org >>> <mailto:maina...@ntop.org>> wrote: >>> >>> Alan, >>> >>> Add nProbe options: >>> >>> -i none -n none -V 9 >>> >>> And report. In case you are still not getting the right exporter address, >>> please add -b 2 and report the full nProbe output. >>> >>> Regards, >>> >>> Simone >>> >>>> On 6 Nov 2017, at 09:04, Alan Kemp <a...@irisns.com >>>> <mailto:a...@irisns.com>> wrote: >>>> >>>> Hi Guys >>>> >>>> I’m trying to collect sflow data from some Arista switches, and send them >>>> to a v9 netflow collector for processing. >>>> Which is working but not sending the IP addresses of the Arista exporter. >>>> So I ran the below command, just sending the %EXPORTER_IPV4_ADDRESS to >>>> text ( to avoid any issues with the netflow collector ), and I’m seeing >>>> 0.0.0.0 as the address a not the Arista’s >>>> >>>> I’m running >>>> —snip— >>>> sudo nprobe --collector-port 9995 -P ./flows/ -0t -b1 -T >>>> %EXPORTER_IPV4_ADDRESS >>>> —snip-- >>>> >>>> The flow files. >>>> >>>> —snip— >>>> $ cat 06.flows >>>> EXPORTER_IPV4_ADDRESS >>>> 0.0.0.0 >>>> 0.0.0.0 >>>> 0.0.0.0 >>>> 0.0.0.0 >>>> 0.0.0.0 >>>> 0.0.0.0 >>>> 0.0.0.0 >>>> 0.0.0.0 >>>> 0.0.0.0 >>>> 0.0.0.0 >>>> 0.0.0.0 >>>> 0.0.0.0 >>>> 0.0.0.0 >>>> 0.0.0.0 >>>> 0.0.0.0 >>>> 0.0.0.0 >>>> —snip— >>>> >>>> —snip— >>>> $ nprobe -v >>>> >>>> Welcome to nProbe v.8.1.171023 (r5930) for x86_64-unknown-linux-gnu >>>> with native PF_RING acceleration. >>>> Copyright 2002-17 ntop.org <http://ntop.org/> >>>> >>>> Build OS: Ubuntu 14.04.5 LTS >>>> SystemID: 68A92F4082082B27 >>>> GIT rev: dev:43a3588533e0f6caef51417e3e3f95734e17c334:20171023 >>>> License: Invalid nProbe license (/etc/nprobe.license) [Missing >>>> license file] >>>> >>>> —snip— >>>> >>>> >>>> Please can someone point me in the right direction or tell me what I’m >>>> doing wrong. >>>> >>>> Regards >>>> >>>> -- >>>> Alan Kemp >>>> Support: 0861 IRISNS (474767) or +27 21140 IRIS (4747) >>>> Mobile: +27 83 257 5970 >>>> IRIS Network Systems >>>> >>>> >>>> >>>> >>>> >>>> >>>> _______________________________________________ >>>> Ntop-misc mailing list >>>> Ntop-misc@listgateway.unipi.it <mailto:Ntop-misc@listgateway.unipi.it> >>>> http://listgateway.unipi.it/mailman/listinfo/ntop-misc >>>> <http://listgateway.unipi.it/mailman/listinfo/ntop-misc> >>> _______________________________________________ >>> Ntop-misc mailing list >>> Ntop-misc@listgateway.unipi.it <mailto:Ntop-misc@listgateway.unipi.it> >>> http://listgateway.unipi.it/mailman/listinfo/ntop-misc >>> <http://listgateway.unipi.it/mailman/listinfo/ntop-misc> >> -- >> Alan Kemp >> Support: 0861 IRISNS (474767) or +27 21140 IRIS (4747) >> Mobile: +27 83 257 5970 >> IRIS Network Systems >> >> >> >> >> >> >> _______________________________________________ >> Ntop-misc mailing list >> Ntop-misc@listgateway.unipi.it <mailto:Ntop-misc@listgateway.unipi.it> >> http://listgateway.unipi.it/mailman/listinfo/ntop-misc > > _______________________________________________ > Ntop-misc mailing list > Ntop-misc@listgateway.unipi.it > http://listgateway.unipi.it/mailman/listinfo/ntop-misc -- Alan Kemp Support: 0861 IRISNS (474767) or +27 21140 IRIS (4747) Mobile: +27 83 257 5970 IRIS Network Systems
_______________________________________________ Ntop-misc mailing list Ntop-misc@listgateway.unipi.it http://listgateway.unipi.it/mailman/listinfo/ntop-misc
